- 04-idioms: document the lint.sh + smoke_test.sh gates and their wiring
(build.sh gate, pre-commit hook, deploy-time smoke).
- search.sh: ripgrep/grep keyword ranker over the corpus (keywords ×3 +
body), prints ranked docs + matching section headers — makes the RAG
searchable with no index to build. README updated.
- Note: KWONDoc bluge MCP/CLI was unavailable here (MCP not connected;
CLI license-gated), so search.sh delivers the "searchable" goal now; a
bluge/embeddings index can ingest the same .md files later.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Capture the hardening patterns from the solmade audit so future Five work
reuses them: authorize on resolved function name (not URL path), CSPRNG
session tokens stored as hashes, argon2id with legacy-verify + upgrade,
login rate-limit + timing-safe dummy hash, bluemonday HTML sanitize vs
EscHtml, security headers + nonce CSP, upload allowlist (no SVG), bind-all
SQL. Theme: thin Go RTL over an ecosystem crypto lib. INDEX/README updated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A retrieval-ready knowledge base so an LLM can read/write Five without
prior training: overview, syntax, full RTL catalog (from hbrtl/register.go),
web/worker idioms (from the solmade app), and a long-tail gotchas file.
Every doc has keyword/summary frontmatter; INDEX.md is the routing manifest.
Grounded by parallel source exploration; RTL names spot-checked against
register.go. The gotchas file is the compounding asset — append new traps.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
